Configuring Communication Services
- Pamela Newman
- 7 years ago
This chapter includes the following sections:

- Communication Services
- Configuring CIM XML
- Configuring HTTP
- Unconfiguring HTTP
- Configuring HTTPS
- Enabling HTTP Redirection
- Configuring SNMP
- Enabling Telnet
- Disabling Communication Services

Communication Services

You can use the following communication services to interface third-party applications with Cisco UCS:

CIM XML
    This service is disabled by default and is only available in read-only mode. The default port is This common information model is one of the standards defined by the Distributed Management Task Force.

HTTP
    This service is enabled on port 80 by default. You must enable either HTTP or HTTPS to run Cisco UCS Manager GUI. If you select HTTP, all data is exchanged in clear text mode. For security purposes, we recommend that you enable HTTPS and disable HTTP. By default, Cisco UCS redirects any attempt to communicate via HTTP to the HTTPS equivalent. We recommend that you do not change this behavior.
    Note: If you are upgrading to Cisco UCS, version 1.4(1), this does not happen by default. If you want to redirect any attempt to communicate via HTTP to an HTTPS equivalent, you should enable Redirect HTTP to HTTPS in Cisco UCS Manager.

HTTPS
    This service is enabled on port 443 by default. With HTTPS, all data is exchanged in encrypted mode through a secure server. For security purposes, we recommend that you only use HTTPS and either disable or redirect HTTP communications.

SMASH CLP
    This service is enabled for read-only access and supports a limited subset of the protocols, such as the show command. You cannot disable it. This shell service is one of the standards defined by the Distributed Management Task Force.

SNMP
    This service is disabled by default. If enabled, the default port is 161. You must configure the community and at least one SNMP trap. Enable this service only if your system includes integration with an SNMP server.

SSH
    This service is enabled on port 22. You cannot disable it, nor can you change the default port. This service provides access to the Cisco UCS Manager CLI.

Telnet
    This service is disabled by default. This service provides access to the Cisco UCS Manager CLI.

Configuring CIM XML

Step 1  Enters system mode.
Step 2  Enters system services mode.
Step 3  UCS-A /system/services # enable cimxml
        Enables the CIM XML service.
Step 4  UCS-A /system/services # set cimxml port port-num
        Specifies the port to be used for the CIM XML connection.
Step 5  UCS-A /system/services # commit-buffer
        Commits the transaction to the system configuration.

The following example enables CIM XML, sets the port number to 5988, and commits the transaction:

    UCS-A /system/services # enable cimxml
    UCS-A /system/services* # set cimxml port 5988
    UCS-A /system/services* # commit-buffer
    UCS-A /system/services #

Configuring HTTP

Step 1  Enters system mode.
Step 2  Enters system services mode.
Step 3  UCS-A /system/services # enable http
        Enables the HTTP service.
Step 4  UCS-A /system/services # set http port port-num
        Specifies the port to be used for the HTTP connection.
Step 5  UCS-A /system/services # commit-buffer
        Commits the transaction to the system configuration.

The following example enables HTTP, sets the port number to 80, and commits the transaction:

    UCS-A /system/services # enable http
    UCS-A /system/services* # set http port 80
    Warning: When committed, this closes all the web sessions.
    UCS-A /system/services* # commit-buffer
    UCS-A /system/services #
Unconfiguring HTTP

Step 1  Enters system mode.
Step 2  Enters system services mode.
Step 3  UCS-A /system/services # disable http
        Disables the HTTP service.
Step 4  UCS-A /system/services # commit-buffer
        Commits the transaction to the system configuration.

The following example disables HTTP and commits the transaction:

    UCS-A /system/services # disable http
    UCS-A /system/services* # commit-buffer
    UCS-A /system/services #

Configuring HTTPS

Certificates, Key Rings, and Trusted Points

HTTPS uses components of the Public Key Infrastructure (PKI) to establish secure communications between two devices, such as a client's browser and Cisco UCS Manager.

Encryption Keys and Key Rings

Each PKI device holds a pair of asymmetric Rivest-Shamir-Adleman (RSA) encryption keys, one kept private and one made public, stored in an internal key ring. A message encrypted with either key can be decrypted with the other key. To send an encrypted message, the sender encrypts the message with the receiver's public key, and the receiver decrypts the message using its own private key. A sender can also prove its ownership of a public key by encrypting (also called 'signing') a known message with its own private key. If a receiver can successfully decrypt the message using the public key in question, the sender's possession of the corresponding private key is proven. Encryption keys can vary in length, with typical lengths from 512 bits to 2048 bits. In general, a longer key is more secure than a shorter key. Cisco UCS Manager provides a default key ring with an initial 1024-bit key pair, and allows you to create additional key rings.

The default key ring certificate must be manually regenerated if the cluster name changes or the certificate expires. This operation is only available in the UCS Manager CLI.
Certificates

To prepare for secure communications, two devices first exchange their digital certificates. A certificate is a file containing a device's public key along with signed information about the device's identity. To merely support encrypted communications, a device can generate its own key pair and its own self-signed certificate. When a remote user connects to a device that presents a self-signed certificate, the user has no easy method to verify the identity of the device, and the user's browser will initially display an authentication warning. By default, Cisco UCS Manager contains a built-in self-signed certificate containing the public key from the default key ring.

Trusted Points

To provide stronger authentication for Cisco UCS Manager, you can obtain and install a third-party certificate from a trusted source, or trusted point, that affirms the identity of your device. The third-party certificate is signed by the issuing trusted point, which can be a root certificate authority (CA) or an intermediate CA or trust anchor that is part of a trust chain that leads to a root CA. To obtain a new certificate, you must generate a certificate request through Cisco UCS Manager and submit the request to a trusted point.

Important: The certificate must be in Base64 encoded X.509 (CER) format.

Creating a Key Ring

Cisco UCS Manager supports a maximum of 8 key rings, including the default key ring.

Step 1  Enters security mode.
Step 2  UCS-A /security # create keyring keyring-name
        Creates and names the key ring.
Step 3  UCS-A /security/keyring # set modulus {mod1024 | mod1536 | mod2048 | mod512}
        Sets the SSL key length in bits.
Step 4  UCS-A /security/keyring # commit-buffer
        Commits the transaction.

The following example creates a keyring with a key size of 1024 bits:

    UCS-A /security # create keyring kr220
    UCS-A /security/keyring* # set modulus mod1024
    UCS-A /security/keyring* # commit-buffer
    UCS-A /security/keyring #

What to Do Next

Create a certificate request for this key ring.
Regenerating the Default Key Ring

The default key ring certificate must be manually regenerated if the cluster name changes or the certificate expires.

Step 1  Enters security mode.
Step 2  UCS-A /security # scope keyring default
        Enters key ring security mode for the default key ring.
Step 3  UCS-A /security/keyring # set regenerate yes
        Regenerates the default key ring.
Step 4  UCS-A /security/keyring # commit-buffer
        Commits the transaction.

The following example regenerates the default key ring:

    UCS-A /security # scope keyring default
    UCS-A /security/keyring* # set regenerate yes
    UCS-A /security/keyring* # commit-buffer
    UCS-A /security/keyring #

Creating a Certificate Request for a Key Ring

Creating a Certificate Request for a Key Ring with Basic Options

Step 1  Enters security mode.
Step 2  UCS-A /security # scope keyring keyring-name
        Enters configuration mode for the key ring.
Step 3  UCS-A /security/keyring # create certreq {ip ip-address subject-name name}
        Creates a certificate request using the IP address or name of the fabric interconnect. You are prompted to enter a password for the certificate request.
Step 4  UCS-A /security/keyring/certreq* # commit-buffer
        Commits the transaction.
Step 5  UCS-A /security/keyring # show certreq
        Displays the certificate request, which you can copy and send to a trust anchor or certificate authority.

The following example creates and displays a certificate request for a key ring with basic options:

    UCS-A /security # scope keyring kr220
    UCS-A /security/keyring # create certreq ip subject-name sjc04
    Certificate request password:
    Confirm certificate request password:
    UCS-A /security/keyring* # commit-buffer
    UCS-A /security/keyring # show certreq
    Certificate request subject name: sjc04
    Certificate request ip address:
    Certificate request name:
    Certificate request country name:
    State, province or county (full name):
    Locality (eg, city):
    Organization name (eg, company):
    Organization Unit name (eg, section):
    Request:
    -----BEGIN CERTIFICATE REQUEST-----
    [Base64-encoded request text]
    -----END CERTIFICATE REQUEST-----
    UCS-A /security/keyring #

Creating a Certificate Request for a Key Ring with Advanced Options

Step 1  Enters security mode.
Step 2  UCS-A /security # scope keyring keyring-name
        Enters configuration mode for the key ring.
Step 3  UCS-A /security/keyring # create certreq
        Creates a certificate request.
Step 4  UCS-A /security/keyring/certreq* # set country country name
        Specifies the country code of the country in which the company resides.
Step 5  UCS-A /security/keyring/certreq* # set dns DNS Name
        Specifies the Domain Name Server (DNS) address associated with the request.
Step 6  UCS-A /security/keyring/certreq* # set name
        Specifies the address associated with the certificate request.
Step 7  UCS-A /security/keyring/certreq* # set ip certificate request ip address
        Specifies the IP address of the Fabric Interconnect.
Step 8  UCS-A /security/keyring/certreq* # set locality locality name (eg, city)
        Specifies the city or town in which the company requesting the certificate is headquartered.
Step 9  UCS-A /security/keyring/certreq* # set org-name organization name
        Specifies the organization requesting the certificate.
Step 10 UCS-A /security/keyring/certreq* # set org-unit-name organizational unit name
        Specifies the organizational unit.
Step 11 UCS-A /security/keyring/certreq* # set password certificate request password
        Specifies an optional password for the certificate request.
Step 12 UCS-A /security/keyring/certreq* # set state state, province or county
        Specifies the state or province in which the company requesting the certificate is headquartered.
Step 13 UCS-A /security/keyring/certreq* # set subject-name certificate request name
        Specifies the fully qualified domain name of the Fabric Interconnect.
Step 14 UCS-A /security/keyring/certreq* # commit-buffer
        Commits the transaction.
Step 15 UCS-A /security/keyring # show certreq
        Displays the certificate request, which you can copy and send to a trust anchor or certificate authority.

The following example creates and displays a certificate request for a key ring with advanced options:

    UCS-A /security # scope keyring kr220
    UCS-A /security/keyring # create certreq
    UCS-A /security/keyring/certreq* # set ip
    UCS-A /security/keyring/certreq* # set subject-name sjc04
    UCS-A /security/keyring/certreq* # set country US
    UCS-A /security/keyring/certreq* # set dns bg1-samc-15a
    UCS-A /security/keyring/certreq* # set test@cisco.com
    UCS-A /security/keyring/certreq* # set locality new york city
    UCS-A /security/keyring/certreq* # set org-name "Cisco Systems"
    UCS-A /security/keyring/certreq* # set org-unit-name Testing
    UCS-A /security/keyring/certreq* # set state new york
    UCS-A /security/keyring/certreq* # commit-buffer
    UCS-A /security/keyring/certreq # show certreq
    Certificate request subject name: sjc04
    Certificate request ip address:
    Certificate request name: test@cisco.com
    Certificate request country name: US
    State, province or county (full name): New York
    Locality name (eg, city): new york city
    Organization name (eg, company): Cisco
    Organization Unit name (eg, section): Testing
    Request:
    -----BEGIN CERTIFICATE REQUEST-----
    [Base64-encoded request text]
    -----END CERTIFICATE REQUEST-----
    UCS-A /security/keyring/certreq #

What to Do Next

- Copy the text of the certificate request, including the BEGIN and END lines, and save it in a file.
- Send the file with the certificate request to a trust anchor or certificate authority to obtain a certificate for the key ring.
- Create a trusted point and set the certificate chain for the certificate of trust received from the trust anchor.

Creating a Trusted Point

Step 1  Enters security mode.
Step 2  UCS-A /security # create trustpoint name
        Creates and names a trusted point.
Step 3  UCS-A /security/trustpoint # set certchain [ certchain ]
        Specifies certificate information for this trusted point. If you do not specify certificate information in the command, you are prompted to enter a certificate or a list of trustpoints defining a certification path to the root certificate authority (CA). On the next line following your input, type ENDOFBUF to finish.
        Important: The certificate must be in Base64 encoded X.509 (CER) format.
Step 4  UCS-A /security/trustpoint # commit-buffer
        Commits the transaction.

The following example creates a trusted point and provides a certificate for the trusted point:

    UCS-A /security # create trustpoint tpoint10
    UCS-A /security/trustpoint* # set certchain
    Enter lines one at a time. Enter ENDOFBUF to finish. Press ^C to abort.
    Trustpoint Certificate Chain:
    > -----BEGIN CERTIFICATE-----
    > [Base64-encoded certificate text]
    > -----END CERTIFICATE-----
    > ENDOFBUF
    UCS-A /security/trustpoint* # commit-buffer
    UCS-A /security/trustpoint #

What to Do Next

Obtain a key ring certificate from the trust anchor or certificate authority and import it into the key ring.

Importing a Certificate into a Key Ring

Before You Begin

- Configure a trusted point that contains the certificate chain for the key ring certificate.
- Obtain a key ring certificate from a trust anchor or certificate authority.

Step 1  Enters security mode.
Step 2  UCS-A /security # scope keyring keyring-name
        Enters configuration mode for the key ring that will receive the certificate.
Step 3  UCS-A /security/keyring # set trustpoint name
        Specifies the trusted point for the trust anchor or certificate authority from which the key ring certificate was obtained.
Step 4  UCS-A /security/keyring # set cert
        Launches a dialog for entering and uploading the key ring certificate. At the prompt, paste the certificate text that you received from the trust anchor or certificate authority. On the next line following the certificate, type ENDOFBUF to complete the certificate input.
        Important: The certificate must be in Base64 encoded X.509 (CER) format.
Step 5  UCS-A /security/keyring # commit-buffer
        Commits the transaction.

The following example specifies the trust point and imports a certificate into a key ring:

    UCS-A /security # scope keyring kr220
    UCS-A /security/keyring # set trustpoint tpoint10
    UCS-A /security/keyring* # set cert
    Enter lines one at a time. Enter ENDOFBUF to finish. Press ^C to abort.
    Keyring certificate:
    > -----BEGIN CERTIFICATE-----
    > [Base64-encoded certificate text]
    > -----END CERTIFICATE-----
    > ENDOFBUF
    UCS-A /security/keyring* # commit-buffer
    UCS-A /security/keyring #

What to Do Next

Configure your HTTPS service with the key ring.

Configuring HTTPS

Caution: After you complete the HTTPS configuration, including changing the port and key ring to be used by HTTPS, all current HTTP and HTTPS sessions are closed without warning as soon as you save or commit the transaction.

Step 1  Enters system mode.
Step 2  UCS-A /system # scope services
        Enters system services mode.
Step 3  UCS-A /system/services # enable https
        Enables the HTTPS service.
Step 4  UCS-A /system/services # set https port port-num
        (Optional) Specifies the port to be used for the HTTPS connection.
Step 5  UCS-A /system/services # set https keyring keyring-name
        (Optional) Specifies the name of the key ring you created for HTTPS.
Step 6  UCS-A /system/services # set https cipher-suite-mode cipher-suite-mode
        (Optional) The level of Cipher Suite security used by the Cisco UCS domain. cipher-suite-mode can be one of the following keywords:
        - high-strength
        - medium-strength
        - low-strength
        - custom: Allows you to specify a user-defined Cipher Suite specification string.
Step 7  UCS-A /system/services # set https cipher-suite cipher-suite-spec-string
        (Optional) Specifies a custom level of Cipher Suite security for this Cisco UCS domain if cipher-suite-mode is set to custom. cipher-suite-spec-string can contain up to 256 characters and must conform to the OpenSSL Cipher Suite specifications. You cannot use any spaces or special characters except ! (exclamation point), + (plus sign), - (hyphen), and : (colon). For details, see For example, the medium strength specification string Cisco UCS Manager uses as the default is:
        ALL:!ADH:!EXPORT56:!LOW:RC4+RSA:+HIGH:+MEDIUM:+EXP:+eNULL
        Note: This option is ignored if cipher-suite-mode is set to anything other than custom.
Step 8  UCS-A /system/services # commit-buffer
        Commits the transaction to the system configuration.

The following example enables HTTPS, sets the port number to 443, sets the key ring name to kring7984, sets the Cipher Suite security level to high, and commits the transaction:

    UCS-A /system/services # enable https
    UCS-A /system/services* # set https port 443
    Warning: When committed, this closes all the web sessions.
    UCS-A /system/services* # set https keyring kring7984
    UCS-A /system/services* # set https cipher-suite-mode high
    UCS-A /system/services* # commit-buffer
    UCS-A /system/services #
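Added example (not part of the Cisco guide): a pre-check for a custom cipher-suite-spec-string against the limits stated above (256 characters, no spaces, only ! + - : as special characters) that also reports weak OpenSSL cipher classes the string never excludes with "!". The watch list of weak classes, the function names and the hardened candidate string are assumptions of this example.

```python
import re

MAX_LEN = 256                                  # limit stated in the guide
ALLOWED = re.compile(r"^[A-Za-z0-9!+:\-]+$")   # letters, digits and ! + - :

# Assumed watch list for this example: OpenSSL cipher-class keywords that a
# management interface should permanently exclude. Values are the keyword
# aliases that count as excluding the class.
WEAK_CLASSES = {
    "aNULL": {"aNULL"},
    "eNULL": {"eNULL", "NULL"},
    "EXPORT": {"EXP", "EXPORT"},
    "LOW": {"LOW"},
    "RC4": {"RC4"},
    "MD5": {"MD5"},
}

# Default medium-strength string quoted in the guide.
DEFAULT_MEDIUM = "ALL:!ADH:!EXPORT56:!LOW:RC4+RSA:+HIGH:+MEDIUM:+EXP:+eNULL"
# Constructed candidate string for comparison (not from the guide).
HARDENED_CANDIDATE = "HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4:!MD5"


def parse_items(spec):
    """Split an OpenSSL cipher string into (operator, keywords, raw) items.

    Operator "!" permanently excludes, "-" removes, "+" moves to the end of
    the list, and no operator adds. Keywords joined by "+" are ANDed.
    """
    items = []
    for raw in spec.split(":"):
        if not raw:
            continue
        op = raw[0] if raw[0] in "!+-" else ""
        keywords = [k for k in raw[len(op):].split("+") if k]
        items.append((op, keywords, raw))
    return items


def check_cipher_spec(spec):
    """Return format errors, weak classes lacking a "!" exclusion, and items
    that add or reorder a weak class by name."""
    errors = []
    if len(spec) > MAX_LEN:
        errors.append("longer than %d characters" % MAX_LEN)
    if not ALLOWED.match(spec):
        errors.append("contains a space or a character other than ! + - :")

    items = parse_items(spec)
    # "!A+B" only excludes suites matching both A and B, so only a
    # single-keyword "!" item counts as excluding a whole class.
    killed = {kws[0] for op, kws, _ in items if op == "!" and len(kws) == 1}
    not_excluded = [name for name, aliases in WEAK_CLASSES.items()
                    if not (aliases & killed)]

    all_weak = set().union(*WEAK_CLASSES.values())
    weak_references = [raw for op, kws, raw in items
                       if op in ("", "+") and all_weak.intersection(kws)]
    return {"errors": errors,
            "not_excluded": not_excluded,
            "weak_references": weak_references}


if __name__ == "__main__":
    for label, spec in (("default medium", DEFAULT_MEDIUM),
                        ("hardened candidate", HARDENED_CANDIDATE)):
        print(label, check_cipher_spec(spec))
```

Note that !EXPORT56 in the default string does not count as excluding the EXPORT class, because it names only the 56-bit export suites.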
Deleting a Key Ring

Step 1  Enters security mode.
Step 2  UCS-A /security # delete keyring name
        Deletes the named key ring.
Step 3  UCS-A /security # commit-buffer
        Commits the transaction.

The following example deletes a key ring:

    UCS-A /security # delete keyring key10
    UCS-A /security* # commit-buffer
    UCS-A /security #

Deleting a Trusted Point

Before You Begin

Ensure that the trusted point is not used by a key ring.

Step 1  Enters security mode.
Step 2  UCS-A /security # delete trustpoint name
        Deletes the named trusted point.
Step 3  UCS-A /security # commit-buffer
        Commits the transaction.

The following example deletes a trusted point:

    UCS-A /security # delete trustpoint tpoint10
    UCS-A /security* # commit-buffer
    UCS-A /security #

Unconfiguring HTTPS

Before You Begin

Disable HTTP to HTTPS redirection.

Step 1  Enters system mode.
Step 2  Enters system services mode.
Step 3  UCS-A /system/services # disable https
        Disables the HTTPS service.
Step 4  UCS-A /system/services # commit-buffer
        Commits the transaction to the system configuration.

The following example disables HTTPS and commits the transaction:

    UCS-A /system/services # disable https
    UCS-A /system/services* # commit-buffer
    UCS-A /system/services #

Enabling HTTP Redirection

Before You Begin

Enable both HTTP and HTTPS.

Step 1  Enters system mode.
Step 2  Enters system services mode.
Step 3  UCS-A /system/services # enable http-redirect
        Enables the HTTP redirect service. If enabled, all attempts to communicate via HTTP are redirected to the equivalent HTTPS address. This option effectively disables HTTP access to this Cisco UCS domain.
Step 4  UCS-A /system/services # commit-buffer
        Commits the transaction to the system configuration.

The following example enables HTTP to HTTPS redirection and commits the transaction:

    UCS-A /system/services # enable http-redirect
    Warning: When committed, this closes all the web sessions.
    UCS-A /system/services* # commit-buffer
    UCS-A /system/services #

Configuring SNMP

Information about SNMP

The Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network.

SNMP Functional Overview

The SNMP framework consists of three parts:

- An SNMP manager: The system used to control and monitor the activities of network devices using SNMP.
- An SNMP agent: The software component within Cisco UCS, the managed device, that maintains the data for Cisco UCS and reports the data, as needed, to the SNMP manager. Cisco UCS includes the agent and a collection of MIBs. To enable the SNMP agent and create the relationship between the manager and agent, enable and configure SNMP in Cisco UCS Manager.
- A managed information base (MIB): The collection of managed objects on the SNMP agent. Cisco UCS release 1.4(1) and higher support a larger number of MIBs than earlier releases.

Cisco UCS supports SNMPv1, SNMPv2c and SNMPv3. Both SNMPv1 and SNMPv2c use a community-based form of security. SNMP is defined in the following:

- RFC 3410
- RFC 3411
- RFC 3412
- RFC 3413
- RFC 3414
- RFC 3415
- RFC 3416
- RFC 3417
- RFC 3418
- RFC 3584

SNMP Notifications

A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications do not require that requests be sent from the SNMP manager. Notifications can indicate improper user authentication, restarts, the closing of a connection, loss of connection to a neighbor router, or other significant events.

Cisco UCS Manager generates SNMP notifications as either traps or informs. Traps are less reliable than informs because the SNMP manager does not send any acknowledgment when it receives a trap, and Cisco UCS Manager cannot determine if the trap was received. An SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the Cisco UCS Manager does not receive the PDU, it can send the inform request again.

SNMP Security Levels and Privileges

SNMPv1, SNMPv2c, and SNMPv3 each represent a different security model. The security model combines with the selected security level to determine the security mechanism applied when the SNMP message is processed.

The security level determines the privileges required to view the message associated with an SNMP trap. The privilege level determines whether the message needs to be protected from disclosure or authenticated. The supported security level depends upon which security model is implemented. SNMP security levels support one or more of the following privileges:

- noauthnopriv: No authentication or encryption
- authnopriv: Authentication but no encryption
- authpriv: Authentication and encryption

SNMPv3 provides for both security models and security levels. A security model is an authentication strategy that is set up for a user and the role in which the user resides. A security level is the permitted level of security within a security model. A combination of a security model and a security level determines which security mechanism is employed when handling an SNMP packet.

Supported Combinations of SNMP Security Models and Levels

The following table identifies what the combinations of security models and levels mean.

Table 1: SNMP Security Models and Levels

| Model | Level | Authentication | Encryption | What Happens |
|-------|-------|----------------|------------|--------------|
| v1 | noauthnopriv | Community string | No | Uses a community string match for authentication. |
| v2c | noauthnopriv | Community string | No | Uses a community string match for authentication. |
| v3 | noauthnopriv | Username | No | Uses a username match for authentication. |
| v3 | authnopriv | HMAC-MD5 or HMAC-SHA | No | Provides authentication based on the Hash-Based Message Authentication Code (HMAC) Message Digest 5 (MD5) algorithm or the HMAC Secure Hash Algorithm (SHA). |
| v3 | authpriv | HMAC-MD5 or HMAC-SHA | DES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides Data Encryption Standard (DES) 56-bit encryption in addition to authentication based on the Cipher Block Chaining (CBC) DES (DES-56) standard. |

SNMPv3 Security Features

SNMPv3 provides secure access to devices by a combination of authenticating and encrypting frames over the network. SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages. The SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the following services:

- Message integrity: Ensures that messages have not been altered or destroyed in an unauthorized manner and that data sequences have not been altered to an extent greater than can occur non-maliciously.
- Message origin authentication: Ensures that the claimed identity of the user on whose behalf received data was originated is confirmed.
- Message confidentiality and encryption: Ensures that information is not made available or disclosed to unauthorized individuals, entities, or processes.

SNMP Support in Cisco UCS

Cisco UCS provides the following support for SNMP:
18 Enabling SNMP and Configuring SNMP Properties Configuring Communication Services Support for MIBs Cisco UCS supports read-only access to MIBs. For information about the specific MIBs available for Cisco UCS and where you can obtain them, see the MIB Quick Reference for Cisco UCS. Authentication Protocols for SNMPv3 Users Cisco UCS supports the following authentication protocols for SNMPv3 users: HMAC-MD5-96 (MD5) HMAC-SHA-96 (SHA) AES Privacy Protocol for SNMPv3 Users Cisco UCS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3 message encryption and conforms with RFC The privacy password, or priv option, offers a choice of DES or 128-bit AES encryption for SNMP security encryption. If you enable AES-128 configuration and include a privacy password for an SNMPv3 user, Cisco UCS Manager uses the privacy password to generate a 128-bit AES key. The AES privacy password can have a minimum of eight characters. If the passphrases are specified in clear text, you can specify a maximum of 64 characters. Enabling SNMP and Configuring SNMP Properties SNMP messages from a Cisco UCS domain display the fabric interconnect name rather than the system name. Step 5 Step 6 UCS-A# scope monitoring UCS-A /monitoring # enable snmp UCS-A /monitoring # set snmp community community-name UCS-A /monitoring # set snmp syscontact system-contact-name UCS-A /monitoring # set snmp syslocation system-location-name UCS-A /monitoring # commit-buffer Enters monitoring mode. Enables SNMP. Specifies SNMP community. The community name can be any alphanumeric string up to 32 characters. Specifies the system contact person responsible for the SNMP. The system contact name can be any alphanumeric string up to 255 characters, such as an address or name and telephone number. Specifies the location of the host on which the SNMP agent (server) runs. The system location name can be any alphanumeric string up to 512 characters. 
Commits the transaction to the system configuration. 18 OL
19 Configuring Communication Services Creating an SNMP Trap The following example enables SNMP, configures an SNMP community named SnmpCommSystem2, configures a system contact named contactperson, configures a contact location named systemlocation, and commits the transaction: UCS-A# scope monitoring UCS-A /monitoring # enable snmp UCS-A /monitoring* # set snmp community SnmpCommSystem2 UCS-A /monitoring* # set snmp syscontact contactperson1 UCS-A /monitoring* # set snmp syslocation systemlocation UCS-A /monitoring* # commit-buffer UCS-A /monitoring # What to Do Next Create SNMP traps and users. Creating an SNMP Trap Step 5 Step 6 Step 7 Step 8 UCS-A# scope monitoring UCS-A /monitoring # enable snmp UCS-A /monitoring # create snmp-trap {hostname ip-addr} UCS-A /monitoring/snmp-trap # set community community-name UCS-A /monitoring/snmp-trap # set port port-num UCS-A /monitoring/snmp-trap # set version {v1 v2c v3} UCS-A /monitoring/snmp-trap # set notification type {traps informs} UCS-A /monitoring/snmp-trap # set v3 privilege {auth noauth priv} Enters monitoring mode. Enables SNMP. Creates an SNMP trap host with the specified hostname or IP address. Specifies the SNMP community name to be used for the SNMP trap. Specifies the port to be used for the SNMP trap. Specifies the SNMP version and model used for the trap. (Optional) If you select v2c or v3 for the version, the type of trap to send. (Optional) If you select v3 for the version, the privilege associated with the trap. This can be: auth Authentication but no encryption noauth No authentication or encryption priv Authentication and encryption OL
Step 9  UCS-A /monitoring/snmp-trap # commit-buffer
        Commits the transaction to the system configuration.

The following example enables SNMP, creates an SNMP trap, specifies that the trap will use the SnmpCommSystem2 community on port 2, sets the version to v3, sets the notification type to traps, sets the v3 privilege to priv, and commits the transaction:

UCS-A# scope monitoring
UCS-A /monitoring # enable snmp
UCS-A /monitoring* # create snmp-trap
UCS-A /monitoring/snmp-trap* # set community SnmpCommSystem2
UCS-A /monitoring/snmp-trap* # set port 2
UCS-A /monitoring/snmp-trap* # set version v3
UCS-A /monitoring/snmp-trap* # set notificationtype traps
UCS-A /monitoring/snmp-trap* # set v3 privilege priv
UCS-A /monitoring/snmp-trap* # commit-buffer
UCS-A /monitoring/snmp-trap #

Deleting an SNMP Trap

Step 1  UCS-A# scope monitoring
        Enters monitoring mode.
Step 2  UCS-A /monitoring # delete snmp-trap {hostname | ip-addr}
        Deletes the specified SNMP trap host with the specified hostname or IP address.
Step 3  UCS-A /monitoring # commit-buffer
        Commits the transaction to the system configuration.

The following example deletes the SNMP trap at IP address and commits the transaction:

UCS-A# scope monitoring
UCS-A /monitoring # delete snmp-trap
UCS-A /monitoring* # commit-buffer
UCS-A /monitoring #

Creating an SNMPv3 User

Step 1  UCS-A# scope monitoring
        Enters monitoring mode.
Step 2  UCS-A /monitoring # enable snmp
        Enables SNMP.
Step 3  UCS-A /monitoring # create snmp-user user-name
        Creates the specified SNMPv3 user. An SNMP username cannot be the same as a local username. Choose an SNMP username that does not match a local username.
Step 4  UCS-A /monitoring/snmp-user # set aes-128 {no | yes}
        Enables or disables the use of AES-128 encryption.
Step 5  UCS-A /monitoring/snmp-user # set auth {md5 | sha}
        Specifies the use of MD5 or SHA authentication.
Step 6  UCS-A /monitoring/snmp-user # set password
        Specifies the user password. After you enter the set password command, you are prompted to enter and confirm the password.
Step 7  UCS-A /monitoring/snmp-user # set priv-password
        Specifies the user privacy password. After you enter the set priv-password command, you are prompted to enter and confirm the privacy password.
Step 8  UCS-A /monitoring/snmp-user # commit-buffer
        Commits the transaction to the system configuration.

The following example enables SNMP, creates an SNMPv3 user named snmp-user14, disables AES-128 encryption, specifies the use of MD5 authentication, sets the password and privacy password, and commits the transaction:

UCS-A# scope monitoring
UCS-A /monitoring # enable snmp
UCS-A /monitoring* # create snmp-user snmp-user14
UCS-A /monitoring/snmp-user* # set aes-128 no
UCS-A /monitoring/snmp-user* # set auth md5
UCS-A /monitoring/snmp-user* # set password
Enter a password:
Confirm the password:
UCS-A /monitoring/snmp-user* # set priv-password
Enter a password:
Confirm the password:
UCS-A /monitoring/snmp-user* # commit-buffer
UCS-A /monitoring/snmp-user #

Deleting an SNMPv3 User

Step 1  UCS-A# scope monitoring
        Enters monitoring mode.
Step 2  UCS-A /monitoring # delete snmp-user user-name
        Deletes the specified SNMPv3 user.
Step 3  UCS-A /monitoring # commit-buffer
        Commits the transaction to the system configuration.

The following example deletes the SNMPv3 user named snmp-user14 and commits the transaction:

UCS-A# scope monitoring
UCS-A /monitoring # delete snmp-user snmp-user14
UCS-A /monitoring* # commit-buffer
UCS-A /monitoring #

Enabling Telnet

Step 1  Enters system mode.
Step 2  Enters system services mode.
Step 3  UCS-A /services # enable telnet-server
        Enables the Telnet service.
Step 4  UCS-A /services # commit-buffer
        Commits the transaction to the system configuration.

The following example enables Telnet and commits the transaction:

UCS-A /services # enable telnet-server
UCS-A /services* # commit-buffer
UCS-A /services #

Disabling Communication Services

Step 1  Enters system mode.
Step 2  Enters system services mode.
Step 3  UCS-A /system/services # disable service-name
        Disables the specified service, where the service-name argument is one of the following keywords:
        - cimxml: Disables CIM XML service
        - http: Disables HTTP service
        - https: Disables HTTPS service
        - telnet-server: Disables Telnet service
Step 4  UCS-A /system/services # commit-buffer
        Commits the transaction to the system configuration.

The following example disables CIM XML and commits the transaction:

UCS-A# scope services
UCS-A /system/services # disable cimxml
UCS-A /system/services* # commit-buffer
UCS-A /system/services #
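The procedures above let an administrator choose MD5 over SHA, DES over AES-128, community-based trap versions, and Telnet. The script below is an added example, not part of the Cisco documentation: it reads a saved CLI session and reports the weaker explicit choices, using a constructed transcript, documentation-range trap addresses, and hypothetical function names.

```python
"""Flag weak SNMP and Telnet choices in a saved UCS Manager CLI session."""
import re

# Prompt shape used on this page: "UCS-A /monitoring/snmp-user* # set auth md5"
PROMPT = re.compile(
    r"^(?P<host>[\w-]+)(?:\s+(?P<scope>/[\w/-]+)\*?)?\s*#\s*(?P<cmd>.*)$"
)

# (object kind, setting, value) -> reason the explicit choice is weak
WEAK_SETTINGS = {
    ("snmp-user", "auth", "md5"):
        "HMAC-MD5-96 authentication; sha is the stronger option offered",
    ("snmp-user", "aes-128", "no"):
        "privacy uses DES instead of 128-bit AES",
    ("snmp-trap", "version", "v1"):
        "community-based version; the community string is sent unencrypted",
    ("snmp-trap", "version", "v2c"):
        "community-based version; the community string is sent unencrypted",
    ("snmp-trap", "v3 privilege", "noauth"):
        "no authentication or encryption",
    ("snmp-trap", "v3 privilege", "auth"):
        "authentication but no encryption",
}


def audit_session(transcript: str) -> list:
    """Return (object, setting, value, reason) tuples for weak explicit settings."""
    findings = []
    current = None                      # (kind, name) of the object being edited
    for line in transcript.splitlines():
        match = PROMPT.match(line.strip())
        if not match or not match["cmd"]:
            continue                    # password prompts, blank prompts, noise
        words = match["cmd"].split()
        scope = match["scope"] or ""
        if words[0] == "create" and len(words) >= 3 \
                and words[1] in ("snmp-user", "snmp-trap"):
            current = (words[1], words[2])
        elif words[:2] == ["enable", "telnet-server"]:
            findings.append(("service", "telnet-server", "enable",
                             "Telnet carries the CLI session in clear text"))
        elif words[0] == "set" and len(words) >= 3 and current \
                and scope.endswith(current[0]):
            setting, value = " ".join(words[1:-1]), words[-1]
            reason = WEAK_SETTINGS.get((current[0], setting, value))
            if reason:
                findings.append((f"{current[0]} {current[1]}", setting, value, reason))
    return findings


# Constructed session modelled on the examples in this chapter.
SAMPLE_SESSION = """\
UCS-A# scope monitoring
UCS-A /monitoring # enable snmp
UCS-A /monitoring* # create snmp-user snmp-user14
UCS-A /monitoring/snmp-user* # set aes-128 no
UCS-A /monitoring/snmp-user* # set auth md5
UCS-A /monitoring/snmp-user* # set password
Enter a password:
Confirm the password:
UCS-A /monitoring/snmp-user* # commit-buffer
UCS-A /monitoring/snmp-user # exit
UCS-A /monitoring # create snmp-user snmp-user15
UCS-A /monitoring/snmp-user* # set aes-128 yes
UCS-A /monitoring/snmp-user* # set auth sha
UCS-A /monitoring/snmp-user* # commit-buffer
UCS-A /monitoring/snmp-user # exit
UCS-A /monitoring # create snmp-trap 192.0.2.10
UCS-A /monitoring/snmp-trap* # set community SnmpCommSystem2
UCS-A /monitoring/snmp-trap* # set version v2c
UCS-A /monitoring/snmp-trap* # commit-buffer
UCS-A /monitoring/snmp-trap # exit
UCS-A /monitoring # create snmp-trap 192.0.2.11
UCS-A /monitoring/snmp-trap* # set version v3
UCS-A /monitoring/snmp-trap* # set v3 privilege priv
UCS-A /monitoring/snmp-trap* # commit-buffer
UCS-A /services # enable telnet-server
UCS-A /services* # commit-buffer
"""

if __name__ == "__main__":
    for obj, setting, value, reason in audit_session(SAMPLE_SESSION):
        print(f"{obj}: {setting} = {value} -> {reason}")
```

Only settings that appear explicitly in the session are checked; a user or trap that never sets a value is not reported, so review defaults separately.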